How to Upgrade Your GitHub API Authentication
If you’ve been getting lots of email notices when using GitHub API calls related to:
Deprecation notice for authentication via URL query parameters
Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. If this token is being used by an app you don’t have control over, be aware that it may stop working as a result of this deprecation. Depending on your API usage, we’ll be sending you this email reminder on a monthly basis for each token and User-Agent used in API calls made on your behalf. Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.
Here’s what you need to know, when using access_token as a query param, if you’re currently making an API call similar to:
curl "https://api.github.com/user/repos?access_token=my_access_token"Instead, you should send the token in the header:
curl -H 'Authorization: token my_access_token' https://api.github.com/user/reposWhen using PHP, here’s the correct approach:
<?php
// Switch to HTTP Basic Authentication for GitHub API v3
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $requestUri,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: token " . $authorizeToken,
"User-Agent: YourAppName"
]
]);
$response = curl_exec($curl);
curl_close($curl);Using JavaScript:
var data = null;
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://api.github.com/repos/user/repo/releases");
xhr.setRequestHeader("Authorization", "token 1234567890");
xhr.setRequestHeader("User-Agent", "YourAppName");
xhr.setRequestHeader("Accept", "*/*");
xhr.setRequestHeader("Cache-Control", "no-cache");
xhr.setRequestHeader("Host", "api.github.com");
xhr.setRequestHeader("Accept-Encoding", "gzip, deflate");
xhr.setRequestHeader("Connection", "keep-alive");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.send(data);Or using the Fetch API:
var myHeaders = new Headers();
myHeaders.append("Authorization", "token 1234567890");
const requestOptions = {
method: 'GET',
headers: myHeaders,
redirect: 'follow'
};
fetch("https://api.github.com/repos/user/repo/releases", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));Enjoy!
Use SpeedFactor to track your website. It’s simple and reliable.
See how real people experience the speed of your website. Then find (and fix) your web performance problems.
Get Started
